Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
VideoInfoScanner: Correctly redact URLs #15228
CURL::GetRedacted does not work on decoded URLs since e.g. the password
CURL::GetRedacted does not work on decoded URLs since e.g. the password part may include an encoded @ (%40) that in decoded form will confuse the redaction and expose part of the password. Also, there is no particularly strong reason to decode URLs for log messages here. When matching the regular expressions, however, the URL must be decoded, but the username/password details are not important, so redact them before matching. Otherwise, they might get exposed during further logging done on the decoded URLs.